arc95/AuthorizeUserAttribute.cs Secret

## AuthorizeUserAttribute.cs
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }

        var privilegeLevels = GetAuthorizedRoles(); // Call another method to get rights of the user from DB

        if (privilegeLevels.Contains(this.AccessLevel))
        {
            return true;
        }
        else
        {
            return false;
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
        filterContext.Result = new RedirectResult("~/Home/Unauthorized");
    }

    private IEnumerable<string> GetAuthorizedRoles()
    {
        var roles = "Goodbye";
        return roles.Split(',');
    }
}

## Controller.cs
[AuthorizeUser(AccessLevel = "Hello")]
public ActionResult Index()
{
      return View();
}
	public class AuthorizeUserAttribute : AuthorizeAttribute
	{
	public string AccessLevel { get; set; }

	protected override bool AuthorizeCore(HttpContextBase httpContext)
	{
	var isAuthorized = base.AuthorizeCore(httpContext);
	if (!isAuthorized)
	{
	return false;
	}

	var privilegeLevels = GetAuthorizedRoles(); // Call another method to get rights of the user from DB

	if (privilegeLevels.Contains(this.AccessLevel))
	{
	return true;
	}
	else
	{
	return false;
	}
	}

	protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
	{
	base.HandleUnauthorizedRequest(filterContext);
	filterContext.Result = new RedirectResult("~/Home/Unauthorized");
	}

	private IEnumerable<string> GetAuthorizedRoles()
	{
	var roles = "Goodbye";
	return roles.Split(',');
	}
	}
	[AuthorizeUser(AccessLevel = "Hello")]
	public ActionResult Index()
	{
	return View();
	}